ci-builder¶
The ci-builder Kayobe environment is used to build Kolla container images.
Images are built using package repositories in the StackHPC development Pulp
service, and pushed there once built.
Warning
This guide was written for the Yoga release and has not been validated for Zed. Proceed with caution.
Prerequisites¶
a Rocky Linux 9 or Ubuntu Jammy 22.04 host
access to the Test Pulp server on SMS lab
Setup¶
Access the host via SSH.
Install package dependencies.
On Rocky Linux:
sudo dnf install -y python3-virtualenv
On Ubuntu:
sudo apt update
sudo apt install -y python3-virtualenv
Clone the Kayobe and Kayobe configuration repositories (this one):
cd mkdir -p src pushd src git clone https://github.com/stackhpc/kayobe.git -b stackhpc/zed git clone https://github.com/stackhpc/stackhpc-kayobe-config -b stackhpc/zed kayobe-config popd
Create a virtual environment and install Kayobe:
cd
mkdir -p venvs
pushd venvs
virtualenv kayobe
source kayobe/bin/activate
pip install -U pip
pip install ../src/kayobe
popd
Add initial network configuration:
sudo ip l add breth1 type bridge
sudo ip l set breth1 up
sudo ip a add 192.168.33.3/24 dev breth1
sudo ip l add dummy1 type dummy
sudo ip l set dummy1 up
sudo ip l set dummy1 master breth1
Installation¶
Acquire the Ansible Vault password for this repository, and store a copy at
~/vault-pw.
The following commands install Kayobe and its dependencies, and prepare the Ansible control host.
export KAYOBE_VAULT_PASSWORD=$(cat ~/vault-pw)
pushd ~/venvs/kayobe
source bin/activate
popd
pushd ~/src/kayobe-config
source kayobe-env --environment ci-builder
kayobe control host bootstrap
Deployment¶
Next, configure the host OS & services.
kayobe seed host configure
Authenticating Pulp proxy¶
If you are building against authenticated package repositories such as those in Ark, you will need to provide secure access to the repositories without leaking credentials into the built images or their metadata. This is typically not the case for a client-local Pulp, which provides unauthenticated read-only access to the repositories on a trusted network.
Docker provides build secrets, but these must be explicitly requested for each RUN statement, making them challenging to use in Kolla.
StackHPC Kayobe Configuration provides support for deploying an authenticating Pulp proxy that injects an HTTP basic auth header into requests that it proxies. Because this proxy bypasses Pulp’s authentication, it must not be exposed to any untrusted environment.
To deploy the proxy:
kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/pulp-auth-proxy.yml
Building images¶
At this point you are ready to build and push some container images.
kayobe seed container image build --push
kayobe overcloud container image build --push
If using an authenticating Pulp proxy,
append -e stackhpc_repo_mirror_auth_proxy_enabled=true to these commands.
The container images are tagged as zed-<datetime>.
To use the new images, edit
~/src/kayobe-config/etc/kayobe/kolla.yml to set the above
tag as the value of the kolla_openstack_release variable.